rsaml 0.1.2

data/test/protocol/authz_decision_query_test.rb

@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class AuthzDecisionQueryTest < Test::Unit::TestCase
+  include RSAML::Protocol::Query
+  
+  context "an authz decision query" do
+    setup do
+      @query = AuthzDecisionQuery.new(Subject.new('example'))
+      @query.resource = 'http://somesite/some/resource'
+      @query.actions << Action.new('Read')
+    end
+    should "be valid" do
+      assert_nothing_raised { @query.validate }
+    end
+    context "when producing xml" do
+      should "include a subject" do
+        assert_match('<saml:Subject>example</saml:Subject>', @query.to_xml)
+      end
+      should "include a Resource attribute" do
+        assert_match(%Q(<samlp:AuthzDecisionQuery Resource="#{@query.resource}"), @query.to_xml)
+      end
+      should "include actions" do
+        assert_match(%Q(<saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc-negation">Read</saml:Action>), @query.to_xml)
+      end
+      should "optionally include evidence" do
+        @query.evidence = Evidence.new
+        assert_match(%Q(<saml:Evidence></saml:Evidence>), @query.to_xml)
+      end
+    end
+  end
+end

data/test/protocol/idp_list_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class IDPListTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  context "an idp list" do
+    setup do
+      @idp_list = IDPList.new
+    end
+    context "when producing xml" do
+      should "have the IDPList element" do
+        assert_match('<samlp:IDPList', @idp_list.to_xml)
+      end
+    end
+  end
+end

data/test/protocol/request_test.rb

@@ -0,0 +1,66 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class RequestTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  context "a request instance" do
+    setup do
+      @request = Request.new
+    end
+    should "require an id" do
+      @request.id = nil
+      assert_raise ValidationError do
+        @request.validate
+      end
+    end
+    should "require a version" do
+      @request.version = nil
+      assert_raise ValidationError do
+        @request.validate
+      end
+    end
+    should "require an issue instant" do
+      @request.issue_instant = nil
+      assert_raise ValidationError do
+        @request.validate
+      end
+    end
+    should "require an issue instant to be UTC" do
+      @request.issue_instant = Time.now
+      assert_raise ValidationError do
+        @request.validate
+      end
+    end
+    should "create a response with in_response_to set properly" do
+      response = @request.respond(Status.new(StatusCode::SUCCESS))
+      assert_not_nil response
+      assert_equal @request.id, response.in_response_to
+    end
+    context "when producing xml" do
+      should "include the samlp:Request element" do
+        assert_match('<samlp:Request', @request.to_xml)
+      end
+      should "require include required attributes" do
+        xml = @request.to_xml
+        assert_match(/ID="#{@request.id}"/, xml)
+        assert_match(/Version="2.0"/, xml)
+        assert_match(/IssueInstant="#{date_match}"/, xml)
+      end
+      should "optionally include a destination" do
+        @request.destination = 'http://somesite/destination'
+        assert_match(/Destination="#{@request.destination}"/, @request.to_xml)
+      end
+      should "optionally include a consent" do
+        @request.consent = 'http://somesite/consent'
+        assert_match(/Consent="#{@request.consent}"/, @request.to_xml)
+      end
+      should "optionally include an issuer child element" do
+        @request.issuer = Identifier::Issuer.new('example')
+        assert_match(%Q(<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">example</saml:Issuer>), @request.to_xml)
+      end
+      should "optionally include a signature" do
+        @request.signature = XmlSig::Signature.new()
+        assert_match(%Q(<ds:Signature), @request.to_xml)
+      end
+    end
+  end
+end

data/test/protocol/response_test.rb

@@ -0,0 +1,68 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ResponseTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  context "a response instance" do
+    setup do
+      @response = Response.new(Status.new(StatusCode::SUCCESS))
+    end
+    should "require an id" do
+      @response.id = nil
+      assert_raise ValidationError do
+        @response.validate
+      end
+    end
+    should "require a version" do
+      @response.version = nil
+      assert_raise ValidationError do
+        @response.validate
+      end
+    end
+    should "require an issue instant" do
+      @response.issue_instant = nil
+      assert_raise ValidationError do
+        @response.validate
+      end
+    end
+    should "require an issue instant to be UTC" do
+      @response.issue_instant = Time.now
+      assert_raise ValidationError do
+        @response.validate
+      end
+    end
+    should "be valid" do
+      assert_nothing_raised { @response.validate }
+    end
+    context "when producing xml" do
+      should "include the samlp:Response element" do
+        assert_match('<samlp:Response', @response.to_xml)
+      end
+      should "require include required attributes" do
+        xml = @response.to_xml
+        assert_match(/ID="#{@response.id}"/, xml)
+        assert_match(/Version="2.0"/, xml)
+        assert_match(/IssueInstant="#{date_match}"/, xml)
+      end
+      should "optionally include an InResponseTo attribute" do
+        @response.in_response_to = 'some_id'
+        assert_match(/InResponseTo="some_id"/, @response.to_xml)
+      end
+      should "optionally include a destination" do
+        @response.destination = 'http://somesite/destination'
+        assert_match(/Destination="#{@response.destination}"/, @response.to_xml)
+      end
+      should "optionally include a consent" do
+        @response.consent = 'http://somesite/consent'
+        assert_match(/Consent="#{@response.consent}"/, @response.to_xml)
+      end
+      should "optionally include an issuer child element" do
+        @response.issuer = Identifier::Issuer.new('example')
+        assert_match(%Q(<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">example</saml:Issuer>), @response.to_xml)
+      end
+      should "optionally include a signature" do
+        @response.signature = XmlSig::Signature.new()
+        assert_match(%Q(<ds:Signature), @response.to_xml)
+      end
+    end
+  end
+end

data/test/protocol/scoping_test.rb

@@ -0,0 +1,20 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ScopingTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  context "a scoping instance" do
+    setup do
+      @scoping = Scoping.new
+    end
+    context "when producing xml" do
+      should "optionally include a proxy count" do
+        @scoping.proxy_count = 2
+        assert_match '<samlp:Scoping ProxyCount="2"', @scoping.to_xml
+      end
+      should "optionally include an idp list" do
+        @scoping.idp_list = IDPList.new(IDPEntry.new('some_provider_id'))
+        assert_match '<samlp:IDPList><samlp:IDPEntry', @scoping.to_xml
+      end
+    end
+  end
+end

data/test/protocol/status_code_test.rb

@@ -0,0 +1,34 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class StatusCodeTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  
+  context "the StatusCode class" do
+    should "have 4 top-level status codes" do
+      assert_equal 4, StatusCode.top_level_status_codes.length
+    end
+    should "have 19 second-level status codes" do
+      assert_equal 19, StatusCode.second_level_status_codes.length
+    end
+    should "have constants for the top-level status codes" do
+      assert_equal StatusCode.top_level_status_codes[:success], StatusCode::SUCCESS
+      assert_equal StatusCode.top_level_status_codes[:requestor], StatusCode::REQUESTOR
+      assert_equal StatusCode.top_level_status_codes[:responder], StatusCode::RESPONDER
+      assert_equal StatusCode.top_level_status_codes[:version_mismatch], StatusCode::VERSION_MISMATCH
+    end
+  end
+  
+  context "a success status code instance" do
+    setup do
+      @status_code = StatusCode::SUCCESS
+    end
+    context "when producing xml" do
+      should "have the samlp:StatusCode element name" do
+        assert_match(/<samlp:StatusCode/, @status_code.to_xml)
+      end
+      should "include a value" do
+        assert_match(/Value="urn:oasis:names:tc:SAML:2.0:status:Success"/, @status_code.to_xml)
+      end
+    end
+  end
+end

data/test/protocol/status_test.rb

@@ -0,0 +1,16 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class StatusTest < Test::Unit::TestCase
+  include RSAML::Protocol
+  
+  context "a status instance" do
+    setup do
+      @status = Status.new(StatusCode::SUCCESS)
+    end
+    context "when producing xml" do
+      should "include a status code" do
+        assert_match(%Q(<samlp:StatusCode Value="#{StatusCode::SUCCESS}">), @status.to_xml)
+      end
+    end
+  end
+end

data/test/proxy_restriction_test.rb

@@ -0,0 +1,20 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ProxyRestrictionTest < Test::Unit::TestCase
+  context "a proxy restriction" do
+    setup do
+      @proxy_restriction = ProxyRestriction.new
+    end
+    context "when producing xml" do
+      should "optionally include a count" do
+        @proxy_restriction.count = 1
+        assert_equal '<saml:ProxyRestriction Count="1"></saml:ProxyRestriction>', @proxy_restriction.to_xml
+      end
+      should "optionally include audiences" do
+        audience = Audience.new('some_uri')
+        @proxy_restriction.audiences << audience
+        assert_equal '<saml:ProxyRestriction><saml:Audience>some_uri</saml:Audience></saml:ProxyRestriction>', @proxy_restriction.to_xml
+      end
+    end
+  end
+end

data/test/rsaml_test.rb

@@ -0,0 +1,12 @@
+class RSAMLTest < Test::Unit::TestCase
+  context "the RSAML module" do
+    should "provide the SAML namespaces" do
+      assert_equal 'urn:oasis:names:tc:SAML:2.0:assertion', RSAML::saml_namespaces['saml']
+      assert_equal 'urn:oasis:names:tc:SAML:2.0:protocol', RSAML::saml_namespaces['samlp']
+      assert_equal 'http://www.w3.org/2000/09/xmldsig#', RSAML::saml_namespaces['ds']
+      assert_equal 'http://www.w3.org/2001/04/xmlenc#', RSAML::saml_namespaces['xenc']
+      assert_equal 'http://www.w3.org/2001/XMLSchema', RSAML::saml_namespaces['xs']
+      assert_equal 'http://www.w3.org/2001/XMLSchema-instance', RSAML::saml_namespaces['xsi']
+    end
+  end
+end

data/test/statement_test.rb

@@ -0,0 +1,101 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class StatementTest < Test::Unit::TestCase
+  context "an authentication statement" do
+    setup do
+      @statement = AuthenticationStatement.new(AuthenticationContext.new())
+    end
+    should "always have a UTC time for authn_instant" do
+      assert_not_nil @statement.authn_instant
+      assert @statement.authn_instant.utc?
+    end
+    should "be valid" do
+      assert_nothing_raised do
+        @statement.validate
+      end
+    end
+    should "be invalid if authn_instant is not UTC" do
+      @statement.authn_instant = Time.now
+      assert_raise ValidationError do
+        @statement.validate
+      end
+    end
+    context "when producing xml" do
+      should "always include authn_instant" do
+        assert_match(/<saml:AuthnStatement AuthnInstant="#{date_match}">/, @statement.to_xml)
+      end
+      should "always include authn_context" do
+        assert_match(/<saml:AuthnContext>/, @statement.to_xml)
+      end
+      should "optionally include a session index" do
+        @statement.session_index = '12345'
+        assert_match(/SessionIndex="\d+"/, @statement.to_xml)
+      end
+      should "optionally include a session not on or after date" do
+        @statement.session_not_on_or_after = (Time.now + 5.days).utc
+        assert_match(/SessionNotOnOrAfter="#{date_match}"/, @statement.to_xml)
+      end
+    end
+  end
+  context "an attribute statement" do
+    setup do
+      @statement = AttributeStatement.new
+      @statement.attributes << Attribute.new('email', 'someone@someplace.com')
+    end
+    should "be valid" do
+      assert_nothing_raised { @statement.validate }
+    end
+    should "not be valid if empty attributes" do
+      assert_raise ValidationError do
+        @statement.attributes.clear
+        @statement.validate
+      end
+    end
+    context "when producing xml" do
+      should "include at least on attribute" do
+        assert_match(/<saml:AttributeStatement><saml:Attribute Name="email"><saml:AttributeValue>someone@someplace.com<\/saml:AttributeValue><\/saml:Attribute><\/saml:AttributeStatement>/, @statement.to_xml)
+      end
+    end
+  end
+  
+  context "an authorization decision statement" do
+    setup do
+      @statement = AuthorizationDecisionStatement.new
+      @statement.resource = 'file://some/resource'
+      @statement.decision = 'Permit'
+      @statement.actions << Action.new('Read')
+    end
+    should "be valid" do
+      assert_nothing_raised { @statement.validate }
+    end
+    should "not be valid if resource is nil" do
+      assert_raise ValidationError do
+        @statement.resource = nil
+        @statement.validate
+      end
+    end
+    should "not be valid if decision is nil" do
+      assert_raise ValidationError do
+        @statement.decision = nil
+        @statement.validate
+      end
+    end
+    should "not be valid if no actions are specified" do
+      assert_raise ValidationError do
+        @statement.actions.clear
+        @statement.validate
+      end
+    end
+    context "when producing xml" do
+      should "include the AuthzStatement tag" do
+        assert_match(%Q(<saml:AuthzStatement), @statement.to_xml)
+      end
+      should "include a Resource attribute" do
+        assert_match(%Q(Resource="file://some/resource"), @statement.to_xml)
+      end
+      should "include a Decision attribute" do
+        assert_match(%Q(Decision="Permit"), @statement.to_xml)
+      end
+    end
+  end
+end

data/test/subject_locality_test.rb

@@ -0,0 +1,27 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class SubjectLocalityTest < Test::Unit::TestCase
+  context "a subject locality" do
+    setup do
+      @subject_locality = SubjectLocality.new
+    end
+    context "when validating" do
+      should "validate the address" do
+        @subject_locality.address = 'x'
+        assert_raise ValidationError do
+          @subject_locality.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "optionally include an address" do
+        @subject_locality.address = '1.2.3.4'
+        assert_equal '<saml:SubjectLocality Address="1.2.3.4"/>', @subject_locality.to_xml
+      end
+      should "optionally include a dns name" do
+        @subject_locality.dns_name = 'example.com'
+        assert_equal '<saml:SubjectLocality DNSName="example.com"/>', @subject_locality.to_xml
+      end
+    end
+  end
+end

data/test/subject_test.rb

@@ -0,0 +1,44 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class SubjectTest < Test::Unit::TestCase
+  context "a subject with an identifier" do
+    setup do
+      @identifier = Identifier::Name.new('example')
+      @subject = Subject.new(@identifier)
+    end
+    should "have an identifier" do
+      assert_equal @identifier, @subject.identifier
+    end
+    context "when producing xml" do
+      should "should include the identifier" do
+        assert_equal '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">example</saml:NameID></saml:Subject>', @subject.to_xml
+      end
+    end
+  end
+  context "a subject with subject confirmations" do
+    setup do
+      @subject = Subject.new
+      @subject.subject_confirmations << SubjectConfirmation.new(SubjectConfirmation.methods[:holder_of_key])
+    end
+    
+    context "when producing xml" do
+      should "optionally include subject confirmations" do
+        assert_equal '<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/></saml:Subject>', @subject.to_xml
+      end
+    end
+  end
+  
+  context "a subject with an identifier and subject confirmations" do
+    setup do
+      @identifier = Identifier::Name.new('example')
+      @subject = Subject.new(@identifier)
+      @subject.subject_confirmations << SubjectConfirmation.new(SubjectConfirmation.methods[:holder_of_key])
+    end
+    
+    context "when producing xml" do
+      should "include the identifier followed by the subject confirmations" do
+        assert_equal '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">example</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/></saml:Subject>', @subject.to_xml
+      end
+    end
+  end
+end